Provisioning and administrative tools for MIT KDC

Greg Wallace greg at emusoftware.com
Sun Jan 13 17:59:07 EST 2008


Hi All,

At the Fedora Users and Developer Conference yesterday they announced a
new remote maagement project that might be interesting to people following
this thread.

You can find out more about it here:  https://fedorahosted.org/func

Best,

Greg

On Thu, January 10, 2008 10:59 pm, Marcus Watts wrote:
> res at qoxp.net replied to Vincenzo.Carnuccio at valueteam.com:
> ...
>>     CV> -Is there any API interface (java, c,any other language) to
>>     CV> perform administrative operations? (add a principal, change a
>>     CV> password, delete a principal)
>>
>>
>>     CV> We must perform automatic provisioning via a web application
>> (jsp)
>>     CV> so it seems to be not a good solution using the kadmin command
>> via
>>     CV> System Calls.
>>
>>     CV> The KDC is the MIT's one
>>
>> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm
>>
>>     CV> Thank you in advance.
>
> The perl module is probably the best available at present.
>
> Recent versions of MIT kerberos should also export a C callable
> api for kadm5.  With older versions of MIT this was also possible,
> but required extracting bits from built source for MIT k5.
> If you feel like experimenting, this may help,
> http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
>
> There are also possibilities with java.  I've got a java library
> that will do this, which I hope to make generally available shortly.
> It's undergoing review and final feature development right now.  It uses
> jni and calls into gssrpc.  A future version could be pure java, but
> that wasn't feasible right off.
>
> If you want a different java answer - opensolaris has a java library built
> into its source.  It uses jni and calls into kadm5.  Note CDDL licensing.
> Here's how to fetch a copy,
>
> do this,
> < find a filesystem with lots of space on a machine with mercurial >
> hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate
> then look here:
> onnv-gate/usr/src/OPENSOLARIS.LICENSE
> onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c
> onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java
> for more on solaris,
> http://opensolaris.org/os/project/onnv/
> You will probably have to work out your own build procedure.
>
> We didn't go with that for various reasons, but maybe it
> can meet your needs.
>
> 					-Marcus Watts
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


-- 
Greg Wallace
Co-Founder and CEO
Emu Software, Inc.
Sponsor of the NetDirector Open Management Console Project
www.netdirector.org
o: 617.830.1835
m: 919.247.3165
skype: gregwallaceemu



More information about the Kerberos mailing list